Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Something must be done about these IIS exploits. I'm brainstorming now on writing a daemon that identifies these exploit requests and then drops them at the firewall.
Ah. You mean something like Snort with Guardian?
There's even an Apache mod that can block and reply AFAIK, dunno name tho.
I've heard of those but I was thinking of something more along the lines of a daemon that runs and not only blocks access on the server, but also can connect to people running the LIFE client and let them know what servers are infected as well. Still a lot of things to work out in my head and I'm not sure if it's even feasible or worthwhile.
Quote: but also can connect to people running the LIFE client and let them know what servers are infected as well.
Hmm. Such services exist, like for instance Dshield or myNetWatchman. Anyway, if it's done on a massive global scale (like with all TLDs represented) and if it's got good integration with other forms of alerting (look for instance at how Prelude IDS tries to do this on a micro scale) the better chances are it'll be useful. For instance it could be a nice tool to graph/signal outbreaks 'n stuff.
OTOH if it lacks support, overview, or would show in detail how all 'leet Roadrunner users scan the rest of the globe, it wouldn't be interesting for long.
Anyway, good luck, and keep us posted if you come up with something in the works.
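One concrete form of the log-watching daemon brainstormed above, as an added example that is not code from the thread: a Python pass over constructed Apache combined-log lines that flags Code Red/Nimda-style probe URIs, counts them per source IP, and renders the iptables drop rules the firewall step would apply. The sample lines, the probe pattern list and the threshold are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample of Apache combined-log lines (not taken from the thread).
SAMPLE_LOG = """\
10.0.0.5 - - [20/Sep/2001:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 1043 "-" "Mozilla/4.0"
198.51.100.7 - - [20/Sep/2001:10:00:02 +0000] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 276 "-" "-"
198.51.100.7 - - [20/Sep/2001:10:00:03 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 284 "-" "-"
203.0.113.9 - - [20/Sep/2001:10:00:04 +0000] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290 "-" "-"
10.0.0.5 - - [20/Sep/2001:10:00:05 +0000] "GET /about.html HTTP/1.0" 200 512 "-" "Mozilla/4.0"
"""

# Minimal parser for the combined log format: source IP, method, URI, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<uri>\S+)[^"]*" (?P<status>\d{3})'
)

# Request-path fragments characteristic of the Code Red / Nimda probes the
# thread complains about (assumed list; extend it as new probes appear).
PROBE_RE = re.compile(r'(default\.ida|/root\.exe|/cmd\.exe|%c0%af|%c1%1c)', re.IGNORECASE)

def classify(line):
    """Return (ip, uri) when the line is an IIS-worm probe, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # not a well-formed access-log line; ignore it
    if PROBE_RE.search(m.group("uri")):
        return m.group("ip"), m.group("uri")
    return None

def probing_hosts(log_text, threshold=1):
    """Count probe requests per source IP and return those at or above threshold."""
    counts = Counter()
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            counts[hit[0]] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}

def drop_rules(ips):
    """Render one iptables rule per probing host that drops its further traffic."""
    return ["iptables -I INPUT -s %s -j DROP" % ip for ip in sorted(ips)]

if __name__ == "__main__":
    for rule in drop_rules(probing_hosts(SAMPLE_LOG)):
        print(rule)
```

A real daemon would tail the live log, apply the rules with a privileged helper, and expire them after some time so that a cleaned-up host gets unblocked again.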
Well well, at least I know my firewall works =)
I don't know what the previous page says but it sure made my fw lit up.
Thanks for the help, now at least I don't need more coffee to stay awake.
Hm, now it gets interesting, should I or shouldn't I shut down the fw and take a peek? lol
Crashed_Again, don't worry, every web server on the net has these same problems. I am managing some university systems and will soon just not log these attempts at all.
Can we do that using the level on the Apache error_log?
I wish it were legal to retaliate against the script kiddies out there or against infected boxes. That way you could shut them down so they wouldn't be a problem to anyone on the net and the admin of the box or owner would have to suffer the consequences of not upgrading or patching their software. heh
As far as retaliating against script kiddies, I think that should be perfectly legal. Like when someone Sub 7 scans you 1000 times. That happened to me the other day. So I netsent him a nice message about 100 times and he backed off realizing he was a noob.
Sincerely,
Lord Rashid
Quote: I wish it were legal to retaliate against the script kiddies out there or against infected boxes.
I don't see any form of legislation holding you back anyway. You're an expert on skiddies based on, what*? Besides, isn't "hunting" skiddies a waste of time and cycles, since they'll just move on to another src IP and other targets just as easily?
Quote: That happened to me the other day. So I netsent him a nice message about 100 times
...which I'm sure you didn't do manually, which makes you a what?
I had the same problem with Comcast domains.... I called Comcast to say that I used a firewall utility to detect Code Red/Nimda queries... I told them I wanted a refund until they made others on the subnet apply the patch to fix their machines. They were using up my valuable bandwidth......
3 days later an email was sent to all comcast users explaining what the worms were and where to get the patch.
Didn't help though, so I drop all incoming packets from 68.80.0.0 and never looked back.
Quote:
Originally posted by Lord-Rashid: I wish it were legal to retaliate against the script kiddies out there or against infected boxes. That way you could shut them down so they wouldn't be a problem to anyone on the net and the admin of the box or owner would have to suffer the consequences of not upgrading or patching their software. heh
As far as retaliating against script kiddies, I think that should be perfectly legal. Like when someone Sub 7 scans you 1000 times. That happened to me the other day. So I netsent him a nice message about 100 times and he backed off realizing he was a noob.
Sincerely,
Lord Rashid
So, how do you know it's a script kiddie working from their own machine and not an infected machine? Sure, people who don't completely secure their machines are part of the problem, but just because grandma doesn't know anything about security or linux doesn't mean you have any more right to crash her computer than a skiddie does. Just block the crap, put the offending computer in your TCP wrapper, and get on with your life.
I know it was a script kiddie because I had been attacked by them and UDP scanned about 100 times previously in the past. They are located in Northern China and I've had countless other types of attacks from them. I was just never at my computer to retaliate before. They had attempted to UDP scan me, Sub Seven, Back Office, Nimda, Stack BO, etc. Also there were no ports open on their computer that would allow for a bounce attack to occur.
Sincerely,
Lord-Rashid
Guys, I can recommend the book 'Protection from hackers'. I don't know the real name of this book in English, but it has 20 hacking stories and answers on how to protect from hacker attacks. It is a cool book, and the first chapter is a simple story of hacking Windows.